"All customers served by our US data centre," are potentially vulnerable, according to an email reportedly sent to customers. The email allegedly states that OneLogin cannot reveal additional information on the attack as it is being investigated by law enforcement agencies.

“We cannot rule out the possibility that the threat actor also obtained the ability to decrypt data. We are thus erring on the side of caution and recommending actions our customers should take,” it said, advising customers to take a number of steps, including resetting passwords and generating new security certificates.

Hey @OneLogin you shouldn't have the security article behind OneLogin. Kind of hard to trust it right now. Make it publicly accessible!

In 2013 the company announced it had reached a user base of 12 million, including 700 corporate customers.

The service allows users to access multiple apps and sites using a single sign-on. Services integrated into OneLogin include DropBox, Amazon Web Services, Office 365, Salesforce, Sharepoint, Slack and Zendesk.